If you want to get your hands on a copy of BackTrack 4 Pre-final just donate to Hackers for Charity and you can get a copy.

Here is some more information:

http://www.offensive-security.com/blog/ ... neak-peek/

Regards,
Jabra

Recently, the BASE team released version 1.4.3 nicknamed "gabi". During a long night working on Backtrack 4, I started playing around with BASE 1.4.3. Within minutes I found 3 Persistent Cross-Site Scripting(XSS) vulnerabilities. For those who don't know, Cross-Site Scripting allows the attacker to inject Javascript to modify the functionality of the webpages. Since this vulnerability exists in BASE, this allows an attacker to drop alerts(all of them or specific alerts), modify user information including passwords, modify the configuration of BASE and many other tasks. The only limitation is the attacker's creativity.

The vulnerabilities exist in pages that use information from 3 different components of BASE including: alert groups, roles and user information.

For creating a user, the name field was found to be vulnerable. For the name field, I just injected Javascript and it was rendered!

For creating an alert group, we just need to include a closure for the html by using "> and add our Javascript afterwards. This causes the page that loads the name, to close the html and execute our Javascript! This is due to html encoding being used on the page.

For creating a role, both the name and the description field were vulnerable. The name field was limited to a specific number of characters. To verify I just injected XSS and verified it rendered properly. The description field was just straight Javascript.

As always here are the screenshots, since people like pretty pictures!!!
















To all the BASE developers, I must say: "MOVE ZIG!!"

Regards,
Jabra

** Update 05/31 **

Here are more details:

http://spl0it.org/files/BASE-XSS/Persistent-notes.txt
http://spl0it.org/files/BASE-XSS/Persis ... -notes.txt
http://spl0it.org/files/BASE-CSRF/notes.txt
http://spl0it.org/files/BASE-XSS/Reflective-notes.txt


Basic Analysis and Security Engine (BASE) is a well known PHP frontend to the Snort Intrusion Detection System. The latest version is 1.4.2. This version contains both Persistent and Reflective Cross-Site Scripting.














Examples:
http://spl0it.org/files/BASE-XSS/BASE-XSS-AddGroup.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png
http://spl0it.org/files/BASE-XSS/BASE-XSS-Search.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png


The issue is due to a lack of validation on the user input and likely affects other versions as well.

"All your BASE are belong to us."

It's funny, that this is actually true.

Regards,
Jabra

Peer-programming is one way that good software is developed. To do peer-programming, requires at least two people to focus on a problem and build the solution together. This can be done with a single computer and two chairs or vim + screen. Recently, I found a new program that provides the functionality of collaboration without the setup time of multi-user screen sessions. The program is called gobby. Gobby has both a server and client. This is ideal, since the information is kept on systems the users trust. Passwords can be required to access specific document and connections are made using TLS.

Here is an example:



The above screenshot shows a small Perl script with the syntax highlighting. Also, gobby allows each user to choose a background color that makes identifying the author of each line easy. Gobby even lets the user replace tabs with spaces. It even has the ability for users to chat with everyone working on the document. I think the best feature of gobby, is that multiple users can even edit the document at the same time!!!

On Ubuntu, gobby can be installed by using the following command:

sudo apt-get install gobby

Try out gobby and let me know what you think.

Regards,
Jabra